Fill the gap in your information security strategy, minimize risks & vulnerabilities and be cyber-secured

in today’s and tomorrow’s energy infrastructure

6th Cyber & SCADA Security for Power and Utilities Industry 2019

Topics to be addressed

• OT Penetration Testing• Next-gen IDS (Intrusion

Detection Systems) in Utilities • Security through simplicity• SOC cooperation: effective

response to a rapidly evolving threat landscape

• Active Cyber Defence• What about a cybersecurity

culture?• Cyber security in the boardroom

& leadership team• Detecting industrial APT activity• OT Incident Response - How to

survive an OT Security incident• Air-gap in OT security: resurrect

or revamp the old concept?

Benefits of attending

• Meeting selected senior decision- makers from different IT Security/ ICT Risk Information Security/ SCADA & OT Security/Data Privacy divisions of leading Power & Utility companies

• Learning from the selected examples of practical approaches

• Knowledge and expertise exchange

• Direct networking with industry decision makers in a business - friendly environment

Arslan BrömmeNational Information Security OfficerVattenfall, Germany

Jarek SordylBoard MemberEE-ISAC &Cybersecurity DirectorPERN, Poland

Yosi ShneckHead of Cyber Entrepreneurship & Business Development IEC, Israel

Michael Walter KnuchelHead of SAS EngineeringSwissgrid, Switzerland

Kaj PaananenHead of Cyber SecurityUponor, Finland

Peter Ulrik SchjøttCyber Security Business ArchitectVestas, Denmark

Dr. Sandro GayckenDirector Digital Society Institute ESMT Berlin, Germany

Arnold SchuurICS/SCADA Security EngineerICS Defense, The Netherlands

Hervé van WayenbergeCISO Sibelga, Belgium

Jos MentingChief Technologist - CybersecurityENGIE Laborelec, Belgium

Felix SchillerIT-Security Manager50Hertz Transmission, Germany

Panagiotis PanousosInformation & CommunicationsTechnology (ICT) DirectorDESFA, Greece

Greg ChawkeEnterprise Security Architect Ervia, Ireland

Guido GluschkeDirector Institute for Security and SafetyBrandenburg University of Applied Sciences, Germany

Dr. Stefan A. DeutscherProject Advisor toWorld Economic Forum, Germany

Workshop LeaderJan-Tilo KirchhoffManaging Director Compass Security, Germany

Cyber Security Series

Speaker Panel

MEDIA PARTNERS

PARTNER

Berlin, Germany

25th-27th of September 2019

INTERACTIVE WORKSHOP Led by Compass Security

w

Coffee & Networking18:00

17:45 Summary & Closing Remarks by the Workshop Leader

25th of September

15:30 Registration & Welcome Coffee

16:00 Opening Address by the Workshop Leader

OT PENETRATION TESTING

16:15 Penetration testing OT Environments• Safety!= Security – Common misunderstandings between

IT and OT staff• Vulnerability Assessments vs. Penetration Tests – What do I need and

what can I expect• Special requirements and challenges for security assessments in OT• Real world examples of OT Security Issues

Jan-Tilo Kirchhoff - Managing Director Compass Security, Germany

Workshop OutlineWhile conducting vulnerability assessments and penetration tests on office networks and web based services and applications are a staple of todays information security management some organizations still struggle with applying the same measures to there OT environment. In this workshop we will explore the similarities and differences of planning and conducting security assessments of OT environments. Based on real world examples we will demonstrate how attackers attempt to interfere with OT systems and how publicly known attacks have informed the methods used by penetration testers today. Using examples selected from our ICS and IOT security courses participants will get the chance to gain insights and hands-on experience in the realm of OT security.

About Compass SecurityCompass Security Deutschland GmbH, as an independent branch of the Swiss Compass Security Network Computing AG, is a company specializing in security assessments and forensic investigations and is based in Berlin. They carry out penetration tests and security reviews for the clients, enabling them to assess the security of their IT systems against hacking attacks, as well as advising them on suitable measures to improve their defenses. Founded in 1999 Compass Security has over 20 years of experience in national and international projects. Close collaboration with universities enable Compass to perform field research. Thus, the security specialists are always up-to-date.

6th Cyber & SCADA Security for Power and Utilities Industry 2019

Berlin, Germany

25th-27th of September 2019

8:30

9:00

Registration & Welcome CoffeeOpening Address from the Chairman

10:30 Coffee & Networking Break

15:20 Coffee and Networking Break

Conference Day One

26th of September

6th Cyber & SCADA Security for Power and Utilities Industry 2019

Berlin, Germany

25th-27th of September 2019

Closing Remarks from the Chair & Wrap up of Day 117:20

Cocktail Reception17:30

INTRUSION DETECTION SYSTEMS & CYBER-DEFENCE FRAMEWORKS

09:10

• Implementation of IDS: how to improve the network visibility• Configuration challenges: how to deal with them• 2/3/4G as well as clear text radio: evaluate and mitigate the

risks

IDS (Intrusion Detection Systems) in OT & RTU connections via own fiber

09:50

• What challenges are the critical utilities phasing today in regards to Cyber Security?

• What does security through simplicity actually mean ?• How to get there ?• Practical Examples or how you could get there

Security through simplicity

Lunch Break, Coffee and Networking12:20

Booking Contact: Reda Bernard tel:+420 228 885 146 fax:+420 255 709 599 email: redab@prosperoevents.com

Arslan BrömmeNational Information Security OfficerVattenfall, Germany

14:00 Active Cyber Defence• What is Active Cyber Defence• The way how to collaborate with National Governmental

Institutions • Current situation in Europe

Panel Discussion Corporate cyber security awareness – latest developments and trends• What is your corporate cyber security philosophy? • Holistic approach to cyber security internal programs• Practical tips to ensure that protection of company’s data is a

topmost priority of the staff • Awareness programs & adopting good ‘cyber-hygiene’• Delivering the message ‘we can be out of business’ if

remained uneducated in risk management

16:40

11:00 Coordination and Cooperation from the perspective of the Energy Computer Emergency Response Team• Threats and vulnerabilities in Energy sector and response to

that• SOC and CERT as special teams responsible for support

organization in cybersecurity• Cooperation between organizations as a key point to success• Sharing information at national and international level and

role of ISACs

CYBER SECURITY ASPECTS & SOCIAL ENGINEERING

16:00 SOC cooperation: effective response to a rapidly evolving threat landscape• What is a SOC, IT and OT SOCs• The problem with a SOC and integration with Incident

Response• Reference model for SOC/Incident Response integration• Insourcing vs outsourcing, partly or fully• Discussion of risks and pitfalls

14:40 What about a cybersecurity culture?• Why is a cybersecurity culture a need?• What is to be taken into account?• How can you measure cybersecurity culture

Peter Ulrik SchjøttCyber Security Business ArchitectVestas, Denmark

Jos MentingChief Technologist – CybersecurityENGIE Laborelec , Belgium

11:40• The cyber challenge in utilities complex systems – IT/OT &

the new VT• Outside the box risk management – in contradiction to the

traditional cyber risk assessment• The cyber organization dilemma – distribution, integration,

professionalism and much more• SCADA and complex systems validation on the fly – digital

twin validation at any stage of process or system life cycle• The organizational cyber picture – Vincent van Gogh or

Gustave Courbet – the challenge of cyber decision makers• Cyber Attack demonstration on a critical utility asset

The cyber picture – is it real?

Yosi ShneckHead of Cyber Entrepreneurship & Business Development IEC, Israel

Michael Walter KnuchelHead of SAS EngineeringSwissgrid, Switzerland

Jarek SordylCybersecurity DirectorPERN & EE-ISAC, Poland

Hervé van WayenbergeCISOSibelga, Belgium

Panelists: Hervé van Wayenberge- Sibelga, Belgium;Jos Menting - ENGIE Laborelec , Belgium;Stefan A. Deutscher - Project Advisor to World Economic Forum

Conference Day Two

10:30 Business Card Exchange and Coffee BreakOpportunity for the participants to share their contactinformation with each other dedicated specifically to strengthening business connections with the industry peers.

08:30

09:00

Registration & Welcome CoffeeOpening Address from the Chairman

Closing Remarks from the Chair & Wrap up of Day 217:20

17:30 Coffee and Networking

16:40 Panel DiscussionIncident reporting & response management• Strengthening information-sharing and plans to cyber

incidents• How to effectively plan and implement technical security

measures, active monitoring systems and regular threat assessment

• Establishing internal collective emergency response teams and technologies

• Incident evaluation• Ensuring business continuity

6th Cyber & SCADA Security for Power and Utilities Industry 2019

Berlin, Germany

25th-27th of September 2019

12:20 Lunch Break, Coffee and Networking

27th of September

INDUSTRIAL, SCADA & OT CYBER SECURITY

Booking Contact: Reda Bernard tel:+420 228 885 146 fax:+420 255 709 599 email: redab@prosperoevents.com

CYBER SECURITY MANAGEMENT

15:20 Coffee and Networking Break

OT Incident Response - How to survive an OT Security incident• How to prepare for an OT Security incident? • How to respond to an OT incident?• How to recover from an OT incident?• Lessons learned

11:00

09:50 Cyber Resilience in the Electricity Ecosystem• Insights from the World Economic Forum project• Key principles for senior leaders• Good practices and lessons learned

Air-gap in OT security: resurrect or revamp the old concept? • Definition• Old VS new DESFA network: the “wins” and the “losses”• Convergence vs isolation: how much air(-gap) can we take?• Things taken into account when securing the OT• Balancing the odds• DESFA’s experience & future thoughts

11:40

• Elements of a cyber security strategy• Implementing an ISMS by using ISO 27001• Impact of new trends, such as digitalization and SOC• Cyber security education

Cyber Security Strategy in the Energy Sector14:40

Panagiotis PanousosInformation & Communications Technology (ICT) DirectorDESFA, Greece

09:10• What makes an attacker an advanced persistent threat?• Presenting advanced techniques known from past activity• How can attacks be detected?• Approaches on detecting unknown attacker activities

Detecting industrial APT activity

Felix SchillerIT-Security Manager50Hertz Transmission, Germany

The evolution and future of OT-Security• How the OT security has developed (where we are now)• What are the current major changes in it• What will the future look like (for OT security)

14:00

Kaj PaananenHead of Cyber Security Uponor, Finland

Arnold SchuurICS/SCADA Security EngineerICS Defense, The Netherlands

Panelists: Arnold Schuur - ICS Defense, The Netherlands;Guido Gluschke - Brandenburg University of Applied Sciences, Germany;Dr. Stefan A. Deutscher - Project Advisor to World Economic Forum

Dr. Stefan A. DeutscherProject Advisor toWorld Ecnomic Forum, Germany

Guido GluschkeDirector Institute for Security and SafetyBrandenburg University of Applied Sciences, Germany

16:00• Today’s Threat Vectors and the Digital Threat Landscape• Preparing for Executive and Board communications• What to do when it goes wrong

Cyber Security in the boardroom & leadership team

Greg ChawkeEnterprise Security ArchtectErvia, Ireland

For upcoming events, you can visit our website

www.prosperoevents.com/upcoming-events

What we do

We help decision makers in European energy industry to benchmark best practices by organizing peer-to-peer conferences.

What we promise

We promise the longest average minutes (at least 10 minutes within 2 days per participant) of direct peer-to-peer networking with the most senior, relevant, committed, innovative and open-minded end-user experts in Europe about specific energy industry related topics.

How we keep our promise

If our customer finds any other conference in Europe about the same topic with longer average networking time per participant and higher level of networking, then we will refund the registration fee in full in the form of Credit Note that can be used for any of our conferences upcoming 12 months.

Berlin, Germany

25th-27th of September 2019

6th Cyber & SCADA Security for Power and Utilities Industry 2019

PARTNER

6th Cyber & SCADA Security for Power and Utilities Industry 2019

Berlin, Germany

25th-27th of September 2019

MEDIA PARTNERS

Critical Infrastructure Protection Review is the go-to destination for the latest news, insights and expert knowledge, and designed to assist governments, public and private sectors in improving security and resilience of vital critical infrastructures, strengthening their preparedness to withstand and recover from the physical and cyber attacks. For more information, please visit: http://www.criticalinfrastructureprotectionreview.com/

Cyber Defense Magazine is by ethical, honest, passionate information security professionals for IT Security professionals. Our mission is to share cutting edge

knowledge, real world stories and awards on the best ideas, products and services in the information technology industry. For more information, please visit: https://www.cyberdefensemagazine.com/

The Israel Electric Corporation (IEC) is a public and government-owned company, generating and supplying electricity to all sectors; approx. 99.85% of the shares are government-owned. Its activities include the generation, transmission and transformation, distribution, supply and sale of electricity to customers. IEC owns and operates 17 power stations with 63 generating units: 18 steam-driven and 45 gas turbines, of which 14 are combined-cycle units. Its Installed is 13,617 MW. IEC supplies reliable high-quality electricity, complies with leading service standards, maintaining economic, commercial and environmental principles. IEC

is partnering FTTH (Fiber to the HOME) initiative in Israel. IEC employs around 11,000 employees and provides service to approx. 2.8M customers. IECYBER is an elite unit in IEC, providing battle proven portfolio of unique cyber solutions and services. The cyber portfolio, including cyber defense and cyber resilience solutions, is based on vast, real life daily experience, gained in challenging geopolitical environment and atmosphere, focused to protect one of the most critical infrastructure companies, and main vertically integrated electricity supplier in Israel.

ASSOCIATION PARTNER

The European Energy - Information Sharing & Analysis Centre (EE-ISAC) is an industry-driven, information sharing network of trust. EE-ISAC helps utilities to improve the cyber security and resilience of their grid by enabling trust-based data and information sharing. Founded in 2015, EE-ISAC is a joint initiative of 4 major European utility companies together with universities, governmental bodies and technology providers.

The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities. Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide. For more information, please visit: www.cybersecurity-review.com